公开(公告)号：US08935675B1

公开(公告)日：2015-01-13

申请号：US14036186

申请日：2013-09-25

Applicant: Google Inc.

Inventor： Michael Daniel Vrable ,  Ulfar Erlingsson ,  Yinqian Zhang

IPC: G06F9/44 ,  G06F11/34

CPC classification number: G06F11/3096 ,  G06F11/3006

Abstract: A method includes receiving a budget cost for monitoring a plurality of tracepoints that occur as a result of operation of a device. The method further includes organizing a plurality of tracepoints into buckets such that each of the buckets corresponds to a range of expected interarrival times, and all tracepoints in a bucket have an expected interarrival time that is within the range for that bucket. The method further includes assigning a trigger to a first plurality of the bucketed tracepoints to yield a plurality of triggered tracepoints, wherein the triggers are proportionally assigned such that a tracepoint having a low expected interarrival time is less likely to be assigned a trigger than an tracepoint having a associated expected interarrival time such that an expected cost of the triggered tracepoints does not exceed the budget cost. Additionally, the method includes monitoring tracepoint occurrence during a first period of operation.

Abstract translation: 一种方法包括接收用于监视作为设备的操作的结果而发生的多个跟踪点的预算成本。 该方法还包括将多个跟踪点组织到桶中，使得每个桶对应于期望的跨越时间的范围，并且桶中的所有跟踪点具有在该桶的范围内的预期的间隔时间。 所述方法还包括将触发分配给第一多个所述桶式跟踪点以产生多个触发的跟踪点，其中所述触发器被按比例地分配，使得具有低预期间隔时间的跟踪点不太可能被分配比跟踪点的触发 具有相关的期望的时间间隔，使得触发的跟踪点的预期成本不超过预算成本。 另外，该方法包括在第一操作周期期间监视跟踪点的发生。

公开(公告)号：US09516032B2

公开(公告)日：2016-12-06

申请号：US14498284

申请日：2014-09-26

Applicant: Google Inc.

Inventor： Ulfar Erlingsson

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/102 ,  G06F21/6218 ,  G06F21/6281

Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.

Abstract translation: 符合本发明特征的方法，系统和制品允许在包括用户帐户的计算机系统中产生和使用派生用户帐户或DUA。 特别地，派生规则定义了如何根据现有的原始用户帐户（OUA）链接到或创建DUA。 推导转换还可以根据其对应的OU来更新DUA的状态，或者从DUA的状态向其对应的OU的状态提供反馈。

公开(公告)号：US09246926B2

公开(公告)日：2016-01-26

申请号：US13953339

申请日：2013-07-29

Applicant: Google Inc.

Inventor： Ulfar Erlingsson ,  Xavier Boyen ,  Darrell Anderson ,  Wayne Gray

IPC: H04L29/06 ,  G06Q20/40 ,  H04N1/32 ,  G06F21/10 ,  G06F21/60 ,  H04N21/8358

CPC classification number: H04L63/12 ,  G06F21/10 ,  G06F21/60 ,  G06Q20/401 ,  H04L63/08 ,  H04L63/123 ,  H04L63/20 ,  H04L2209/608 ,  H04N1/32144 ,  H04N21/8358

Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.

Abstract translation: 公开了用于通过包括发射设备和接收设备的网络提供安全传输的方法和系统。 在发送装置，生成水印比特流。 接下来，生成多个水印，多个水印中的每一个包括索引号和水印比特流的一部分。 将水印插入到多个输出分组的每个报头中。 在接收装置中，接收多个输出分组，并且基于接收分组的报头中的水印确定接收到的分组是否有效。 水印比特流可以使用诸如RC4的流密码，CBC模式中的诸如3DES的块密码或其他等效的伪随机流生成技术来生成。

公开(公告)号：US09397990B1

公开(公告)日：2016-07-19

申请号：US14074941

申请日：2013-11-08

Applicant: Google Inc.

Inventor： Ankur Taly ,  Ulfar Erlingsson ,  Arnar Birgisson ,  Joseph Gibbs Politz ,  Mark Lentczner

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0807 ,  H04L63/10

Abstract: A method of controlling the sharing of data between entities that are in electronic communication with each other may include generating an authentication credential comprising an identifier for the target service and a unique signature, attenuating the authentication credential, and determining whether a client device is authorized to access the target service, and, only if so, providing the authentication credential to the client device. In an embodiment, the method may include receiving an access request from the client device, identifying that the authentication credential includes the unique signature and a third party caveat that is associated with a third party authentication service, in response to the identifying, determining whether the request also comprises a discharge credential for the third party caveat, and if the request includes the discharge credential, providing the client device with the requested service, otherwise denying the request.

Abstract translation: 控制彼此进行电子通信的实体之间的数据共享的方法可以包括生成包括目标服务的标识符和唯一签名的认证证书，衰减认证证书，以及确定客户端设备是否被授权 访问目标服务，并且只有在此情况下，向客户端设备提供验证凭据。 在一个实施例中，该方法可以包括从客户端设备接收访问请求，识别认证证书包括唯一签名和与第三方验证服务相关联的第三方注意事项，以响应于识别，确定是否 请求还包括用于第三方警告的排出凭证，并且如果请求包括排出凭证，则向客户端设备提供所请求的服务，否则拒绝该请求。

公开(公告)号：US08875281B2

公开(公告)日：2014-10-28

申请号：US14171512

申请日：2014-02-03

Applicant: Google Inc.

Inventor： Ulfar Erlingsson

IPC: G06F21/62

CPC classification number: H04L63/102 ,  G06F21/6218 ,  G06F21/6281

Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.

Abstract translation: 符合本发明特征的方法，系统和制品允许在包括用户帐户的计算机系统中产生和使用派生用户帐户或DUA。 特别地，派生规则定义了如何根据现有的原始用户帐户（OUA）链接到或创建DUA。 推导转换还可以根据其对应的OU来更新DUA的状态，或者从DUA的状态向其对应的OU的状态提供反馈。

公开(公告)号：US20150052592A1

公开(公告)日：2015-02-19

申请号：US14498284

申请日：2014-09-26

Applicant: Google Inc.

Inventor： Ulfar Erlingsson

IPC: H04L29/06

CPC classification number: H04L63/102 ,  G06F21/6218 ,  G06F21/6281

Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.

Abstract translation: 符合本发明特征的方法，系统和制品允许在包括用户帐户的计算机系统中产生和使用派生用户帐户或DUA。 特别地，派生规则定义了如何根据现有的原始用户帐户（OUA）链接到或创建DUA。 推导转换还可以根据其对应的OU来更新DUA的状态，或者从DUA的状态向其对应的OU的状态提供反馈。